Guilty plea in attempted cyber-attack on US govt. computers

WASHINGTON (AP) — A former Nuclear Regulatory Commission scientist pleaded guilty Tuesday to a federal computer crime, admitting that he attempted to launch a cyber-attack on government computers by sending employees emails that he thought contained a virus.

Charles Harvey Eccleston, who was detained in the Philippines last year and deported to the United States to face charges, is scheduled to be sentenced in April. Federal sentencing guidelines call for him to spend at least two years behind bars.

Prosecutors say Eccleston, 62, last year attempted "spear-phishing" emails to dozens of Energy Department email accounts — a technique in which hackers send targeted, legitimate-looking emails that when opened can launch malicious software onto a recipient's computer network. The email link in this case — an invitation to a scientific conference — was actually benign and supplied by an undercover FBI agent who was posing as a foreign intelligence officer.

The Justice Department says Eccleston, who is quoted in an FBI affidavit as saying he was once a "patriot" but became angry after he lost his job, had hoped to expose the Energy Department computer system to a virus and extract sensitive information that could then be collected by a foreign country.

The scheme began in 2013 when Eccleston walked into a foreign embassy in the Philippines — where he moved after being fired from the NRC in 2010 — and offered to sell a list of more than 5,000 email addresses of Energy Department employees in exchange for $18,800. Eccleston said that if the embassy refused, he could turn around and offer the "top secret" information to Iran, Venezuela or China. The identity of the embassy Eccleston approached was not revealed in court documents and remains classified, prosecutors said.

Instead, the embassy contacted the FBI, and undercover agents then reached out to Eccleston to coordinate on the planned cyber-attack.

A 50-page FBI affidavit filed in the case reveals extensive back-and-forth planning between Eccleston and the undercover agents, with Eccleston at one point explaining that he was once a "patriot" who "believed in the flag" but became disgruntled after he left the government. He also understood that he would be in serious legal trouble if caught.

"If we make a mistake, I'm going to be locked up for the rest of my life," Eccleston is quoted as saying.

In January 2015, prosecutors said, Eccleston sent the email that he thought was infected to roughly 80 Energy Department employees at laboratories and other locations around the country. He was then taken into custody after he showed up for a meeting with the undercover agent at which he thought he would be paid roughly $80,000 for sending the emails.

Eccleston spoke briefly at the plea hearing Tuesday and defended himself by saying that the email addresses in question were not classified.

"I never set out to do anything that this developed into," Eccleston told U.S. District Judge Randolph Moss.